<?php
//start session, local variables, etc.
include('includes/init.php');
include('includes/functions/images.php');

// Access gate: callers without the 'upload' permission on 'images' get the
// std/unauth/ plugin hook and a page that closes the popup window; the script
// stops here, so none of the upload or form code below runs for them.
if(!perms_check('images', 'upload')) {
	plugins('std/unauth/');
	print '<html><body onload="javscript:window.close();"></body></html>';
	exit();
}

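// Upload handler: stores every submitted image (browser upload or remote URL),
// builds its thumbnail, optionally watermarks it, records it in the images
// table, then prints a short HTML report and exits.
// NOTE(review): no anti-CSRF token is checked anywhere in this file for this
// state-changing POST - confirm whether includes/init.php enforces one.
if(isset($_GET['a']) && $_GET['a'] == 'upload') {
	$errors = 0;

	// Never accepted in the target directory: ".." (parent traversal), NUL
	// bytes, and quotes or backslashes, because the value is later embedded in
	// filesystem paths and inside a quoted SQL literal.
	$bad_path = '#\.\.|[\x00\'"\\\\]#';
	// A single file name additionally must not contain a path separator.
	$bad_name = '#[\x00\'"\\\\/]#';

	if(!isset($_POST['path']) || !is_string($_POST['path']) || $_POST['path'] == '/' || $_POST['path'] == '' || preg_match($bad_path, $_POST['path'])) {
		echo "Error!";
		exit;
	}
	
	if(isset($_POST['directory']) && $_POST['directory']=='create' && !empty($_POST['name'])) {
		// The new sub-directory name is appended to the path that was checked
		// above, so it has to pass the same check before anything is created.
		if(!is_string($_POST['name']) || preg_match($bad_path, $_POST['name'])) {
			echo "Error!";
			exit;
		}
		img_mkdir(false);
		$_POST['path'].=$_POST['name'].'/';
	}

	// Watermark id and position are reduced to integers before they are handed
	// to watermark(); position is only valid in the range 1..4.
	$wm_id = isset($_POST['watermark']) ? (int)$_POST['watermark'] : 0;
	$wm_pos = isset($_POST['watermark_pos']) ? (int)$_POST['watermark_pos'] : 0;

	// NOTE(review): maxID is supplied by the client and is only cast to an
	// integer here; nothing in this file caps how many entries (and, in link
	// mode, how many server-side fetches) a single request may trigger.
	$max_id = isset($_POST['maxID']) ? (int)$_POST['maxID'] : 0;
	
	$files=0;
	for($i = 0; $i <= $max_id; $i++) {
		$how = (isset($_POST['how_image_'.$i]) && is_string($_POST['how_image_'.$i])) ? $_POST['how_image_'.$i] : '';
		$link = (isset($_POST['image_link_'.$i]) && is_string($_POST['image_link_'.$i])) ? $_POST['image_link_'.$i] : '';

		//source of the image
		if($how == 'form') {
			// is_uploaded_file() confirms that tmp_name really is a file PHP
			// received with this request; it is checked before filesize().
			if(!isset($_FILES['image_form_'.$i]['tmp_name'], $_FILES['image_form_'.$i]['name']) || !is_string($_FILES['image_form_'.$i]['tmp_name']) || !is_string($_FILES['image_form_'.$i]['name']) || $_FILES['image_form_'.$i]['tmp_name'] == '' || !is_uploaded_file($_FILES['image_form_'.$i]['tmp_name']) || filesize($_FILES['image_form_'.$i]['tmp_name']) == 0) {
				$errors++;
				continue;
			}
		}
		elseif($how == 'link') {
			// Only http(s) sources are accepted, so the fetch helper is never
			// handed a local-file or other stream-wrapper URL.
			// NOTE(review): the destination host is not restricted here; whether
			// internal addresses are refused depends on upload_image_from_url().
			if(!preg_match('#^https?://#i', $link)) {
				$errors++;
				continue;
			}
		}
		else {
			// Neither of the two modes the form offers (this includes rows that
			// were removed in the browser): counted as an error so that no
			// database record is written without a stored file.
			$errors++;
			continue;
		}

		//file name
		if(!isset($_POST['name_'.$i]) || !is_string($_POST['name_'.$i]) || !$_POST['name_'.$i]) {
			if($how == 'form')
				$_POST['name_'.$i] = basename($_FILES['image_form_'.$i]['name']);
			else {
				$foo = explode('/', $link);
				$_POST['name_'.$i] = end($foo);
			}
		}
		$_POST['name_'.$i] = read_text_filename($_POST['name_'.$i]);
		//

		//file extension
		if(strpos($_POST['name_'.$i], '.')===false) {
			// end() takes its argument by reference, so the exploded list is
			// stored in a variable first.
			$foo = explode('.', ($how == 'form') ? $_FILES['image_form_'.$i]['name'] : $link);
			$_POST['name_'.$i] .= '.'.end($foo);
		}

		// The final name becomes part of a filesystem path and of a quoted SQL
		// literal, and what read_text_filename() removes is not visible here.
		if(!is_string($_POST['name_'.$i]) || preg_match($bad_name, $_POST['name_'.$i])) {
			$errors++;
			continue;
		}

		$target = $conf['images_dir'].$_POST['path'].$_POST['name_'.$i];

		//existing files are never overwritten
		if(file_exists($target)) {
			$errors++;
			continue;
		}

		// Extension allow-list; the D modifier keeps "$" from matching before a
		// trailing newline.
		// NOTE(review): only the last extension is compared and the content is
		// not inspected here - confirm that read_text_filename() normalises
		// names with more than one extension and that the upload helpers verify
		// the data really is an image.
		$foo = explode(".", $_POST['name_'.$i]);
		$fext = end($foo);
		if(!preg_match('/^(gif|jpg|jpeg|png)$/iD', $fext)) {
			$errors++;
			continue;
		}

		//upload
		if($how == 'link') {
			if(!upload_image_from_url($link, $target)) {
				$errors++;
				continue;
			}
		}
		else
			upload_image_form($_FILES['image_form_'.$i], $target);

		// The result of upload_image_form() is not checked above, so make sure
		// the file was really stored before a thumbnail and a record are made.
		if(!file_exists($target)) {
			$errors++;
			continue;
		}

		//create the thumbnail
		list($width, $height, $new_width, $new_height)=make_image_minature($conf['images_min_dir'].md5($_POST['path'].$_POST['name_'.$i]), $target, $conf['preview_img_width'], $conf['preview_img_height']);

		//add the watermark
		if($wm_id != 0 && $wm_pos >= 1 && $wm_pos <= 4)
			watermark($target, $wm_id, $wm_pos);

		//adding to database
		$date=date('Y-m-d H:i:s');

		$languages = get_lang_list();
		$sql1='';
		$sql2='';
		foreach($languages as $l) {
			$sql1 .= ", `desc_".$l."`, `comments_".$l."`";
			$sql2 .= ", '', ''";
		}

		// name and path were checked above to contain no quote or backslash; the
		// four dimensions are cast so that a failed thumbnail cannot leave empty
		// values in the statement.
		// NOTE(review): 15 columns are listed but 16 values are supplied before
		// the per-language pairs - confirm against the table definition.
		$db=new dbquery;
		$db->query("INSERT INTO $conf[prefix]images (`id` , `name` , `path` , `date` , `source` ,`source_url` , `author` , `x` , `y` , `minx` , `miny` , `votes` , `total` , `rating` , `views`".$sql1.") VALUES (NULL, '".$_POST['name_'.$i]."', '".$_POST['path']."', '$date', '', '', '$_SESSION[id]', ".(int)$width.", ".(int)$height.", ".(int)$new_width.", ".(int)$new_height.", 0, 0, 0, 0, 0".$sql2.")") or $db->err(__FILE__, __LINE__);
		//

		//run plugins
		plugins('images/img_add/');
		//
		
		
		$files++;
	}
	
	//report page
	echo '
		<html>
		<head>
		<meta http-equiv="content-type" content="text/html; charset='.$conf['html_character_set'].'">
		<link rel="stylesheet" href="'.$GLOBALS['theme_path'].'css.css" type="text/css">
		<link rel="stylesheet" href="'.$GLOBALS['theme_path'].'basic.css" type="text/css">
		</head><body bgcolor="white" style="margin: 0px;">
		<table width="100%" height="100%" cellspacing="0" cellpadding="0" border="0" class="tabelka2">
		<tr>
		<td valign="top">
		<table border="0" width="100%" class="tabelka2" align="center">
		<tr>
		<td class="row_1" align="center"><b>
		';
	if($errors == 0)
		echo $lang['images_upload_report_ok'];
	else
		echo string_template($lang['images_upload_report'], array("errors" => $errors));
	echo '</b></td></tr>
		<tr>
		<td class="row_2" align="center"><input type="button" class="button" onclick="javscript: return parent.nd();" value="'.$lang['close_window'].'" /> <input type="button" class="button" onclick="javscript:history.go(-1);" value="'.$lang['back'].'" /></td>
		</tr></table>
		</td></tr></table></body></html>';
	exit;
}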
else {
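	// Prepare the variables behind the "create sub-directory" option when the
	// window is opened for a module: $dir_parent is the module's image folder,
	// $_GET['dir'] becomes the folder to preselect and $subdir the folder name
	// to propose (NULL when that folder already exists).
	// Both names are read by the form below even when no module is given, so
	// they get a defined value first.
	if(!isset($dir_parent))
		$dir_parent=NULL;
	if(!isset($subdir))
		$subdir=NULL;
	// NOTE(review): $_GET['module'] is used below as a directory name, inside an
	// SQL LIKE pattern and (through $dir_parent) in the page markup; the only
	// check visible here is is_module_installed() - confirm that it accepts
	// nothing but known module identifiers. $_GET['dir'] is only probed with
	// file_exists() and then overwritten.
	if(is_module_installed($_GET['module']) && file_exists($conf['images_dir'].$_GET['dir'])) {
		$dir_parent=$_GET['module'].'/';
		$_GET['dir']=$_GET['module'].'/';
		if(is_numeric($_GET['id']) && file_exists($conf['images_dir'].$_GET['dir'].$_GET['id'].'/')) {
			// The folder for this record already exists: preselect it.
			$_GET['dir'].=$_GET['id'].'/';
			$subdir=NULL;
		} elseif(is_numeric($_GET['id'])) {
			// Known record without a folder yet: propose its id as folder name.
			$subdir=$_GET['id'];
		}
		else {
			// No record id: take the next auto-increment value of the module's
			// table as the proposed folder name.
			$db=new dbquery;
			$db->query("SHOW TABLE STATUS LIKE '".$conf['prefix'].$_GET['module']."';") or $db->err(__FILE__, __LINE__);
			
			// Guard against a result without a row before reading the property.
			$subdir=$db->fetch_object();
			$subdir=is_object($subdir) ? $subdir->Auto_increment : NULL;
			
			if(file_exists($conf['images_dir'].$_GET['dir'].$subdir.'/') && $_GET['cmd']!='add') {
				$_GET['dir'].=$subdir.'/';
				$subdir=NULL;
			} elseif(file_exists($conf['images_dir'].$_GET['dir'].$subdir.'/')) {
				// When adding, move on to the first number without a folder.
				while(file_exists($conf['images_dir'].$_GET['dir'].$subdir.'/'))
					$subdir++;
			}
										
		}
	}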
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=<?echo($conf['html_character_set']);?>" />
<link rel="stylesheet" href="<?echo($GLOBALS['theme_path']);?>css.css" type="text/css" />
<link rel="stylesheet" href="<?echo($GLOBALS['theme_path']);?>basic.css" type="text/css" />
<title><?echo($lang['images_upload']);?></title>
	<script type="text/javascript">
	// Index of the most recently added upload row. It is only ever incremented
	// (delField does not lower it), so the hidden maxID field holds the highest
	// index issued so far, not the number of rows currently shown.
	var currentID = 0;

	// Appends one more upload row (file input, URL input, file name) to the
	// "files" table and stores the new highest index in the hidden maxID field.
	function addField() {
		currentID++;
		// Markup of the new row. The theme image path and the language strings
		// are written into this single-quoted string by the server.
		// NOTE(review): a quote or line break in one of those values would end
		// the string early - confirm they are escaped for a script context.
		// The anchor opened for the delete link is never closed in this markup.
		var text = '<table width="400" cellspacing="0" cellpadding="5" border="0">\n<tr><td width="100" align="left" class="row_' + ((currentID%2)+1) + '"><A href="javascript:void();" onclick="javascript:delField(this);return false;"><img src="<?echo($GLOBALS['theme_path'].$GLOBALS['theme_img']['collapse']);?>" alt="" /> <?echo($lang['admin_delete']);?></td></tr><tr valign="top"><td align="left" class="row_' + ((currentID%2)+1) + '"><input type="radio" name="how_image_' + currentID + '" class="radio" value="form" class="button" checked /><?echo($lang['disk']);?> <input type="file" name="image_form_' + currentID + '" class="button" onchange="document.upload_img.how_image_' + currentID + '[0].checked=true;" /></td></tr><tr><td align="left" class="row_' + ((currentID%2)+1) + '"><input type="radio" name="how_image_' + currentID + '" class="radio" value="link" class="button">URL: <input type="text" name="image_link_' + currentID + '" class="button" value="http://" class="button" onchange="document.upload_img.how_image_' + currentID + '[1].checked=true;" /></td></tr><tr><td align="left" class="row_' + ((currentID%2)+1) + '"><?echo($lang['file_name']);?>: <input name="name_' + currentID + '" id="name_' + currentID + '" type="text" class="button" value="' + (currentID+1) + '"></td></tr></table>';

		// A new row with a single cell spanning both columns takes the markup.
		var tbl = document.getElementById('files');
		var row = tbl.insertRow(tbl.rows.length);
		var cell = row.insertCell(0);
		cell.setAttribute('colspan', '2');
		cell.setAttribute('align', 'center');
		cell.setAttribute('valign', 'top');
		cell.innerHTML = text;

		// The server loops from 0 to this value when the form is submitted.
		var counter = document.getElementById('maxID');
		counter.setAttribute('value', currentID);
	}

	// Removes the upload row that holds the clicked delete link.
	// x is the link element; the node six parentNode steps above it supplies
	// the rowIndex that is deleted from the "files" table.
	function delField(x) {
		var filesTable = document.getElementById('files');
		var node = x;
		for (var level = 0; level < 6; level++) {
			node = node.parentNode;
		}
		filesTable.deleteRow(node.rowIndex);
	}
	</script>
</head>
<body style="margin: 0; padding: 0;">
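<?php /* cmd, form and nodir come straight from the query string, so each one is URL-encoded before it is written back into the action attribute. */ ?>
<form name="upload_img"  enctype="multipart/form-data" method="post" action="images_upload.php?a=upload&amp;cmd=<?php echo((isset($_GET['cmd']) && is_string($_GET['cmd'])) ? urlencode($_GET['cmd']) : '');?>&amp;form=<?php echo((isset($_GET['form']) && is_string($_GET['form'])) ? urlencode($_GET['form']) : '');?>&amp;nodir=<?php echo((isset($_GET['nodir']) && is_string($_GET['nodir'])) ? urlencode($_GET['nodir']) : '');?>">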
<table width="100%" height="100%" cellspacing="0" cellpadding="0" border="0" class="tabelka2">
<tr>
	<td valign="top">
		<table border="0" width="100%" class="tabelka2" align="center" id="files">
		<tr>
			<td class="row_1" width="100"><input type="hidden" name="maxID" id="maxID" value="0" /><?echo($lang['directory']);?>:</td>
			<td class="row_1">

			<input type="radio" name="directory" value="path" <?if(!$subdir){?>checked="true"<?}?> />
	
	<select name="path" id="path" class="button" onchange="document.upload_img.directory[0].checked=true;" >
		<option value="<?echo($dir_parent);?>"><?echo($dir_parent);?></option>
<?php
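	// The folder list is only offered when no folder was preselected; empty()
	// also covers the case where the dir parameter is absent from the request.
	// NOTE(review): dir_list() presumably fills $path_options - confirm, and
	// confirm that it HTML-escapes the directory names it puts into the options.
	if(empty($_GET['dir'])) {
		$path_options = null;
		dir_list($dir_parent, 1, 'new');
		echo $path_options;
	}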
?>
	</select>
			
			<br /><input type="radio" name="directory" value="create" <?if($subdir){?>checked="true"<?}?> /> <?echo($lang['admin_create_subdir']);?> <input type="text" name="name" size="12" class="button" value="<?echo($subdir);?>" onchange="document.upload_img.directory[1].checked=true;" />

			</td>
		</tr>
		<tr>
			<td class="row_2"><?echo($lang['watermark_watermark']);?>:</td>
			<td class="row_2">

			<select name="watermark" class="button">
<?php
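	// Build the option list of available watermarks; the entry whose id equals
	// $conf['img_def_watermark'] is marked as selected.
	$db = new dbquery;
	$db->query("SELECT id,name FROM $conf[prefix]watermark ORDER BY name") or $db->err(__FILE__, __LINE__);

	// Database values are written into markup, so the characters that could
	// close the attribute or open a tag are replaced. The replacement is
	// byte-wise and therefore independent of the page character set; "&" is
	// left alone so that a name stored already entity-encoded is not encoded
	// a second time.
	$html_from = array('<', '>', '"', "'");
	$html_to = array('&lt;', '&gt;', '&quot;', '&#039;');

	//watermark
	$watermark_options = "<option value=\"0\" selected>$lang[watermark_none]</option>";
	while($wm = $db->fetch_object()) {
		$select = ($wm->id==$conf['img_def_watermark']) ? 'selected' : '';
		$watermark_options .= "<option value=\"".str_replace($html_from, $html_to, $wm->id)."\" ".$select.">".str_replace($html_from, $html_to, $wm->name)."</option>";
	}
	echo $watermark_options;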
?>
			</select>
			</td>
		</tr>
		<tr>
			<td class="row_1"><?echo($lang['watermark_position']);?>: </td>
			<td class="row_1">
			<select name="watermark_pos" class="button">
			<option value="1" <?if($conf['img_def_watermark_pos']==1) echo('selected');?>><?echo($lang['watermark_tl']);?></option>
			<option value="2" <?if($conf['img_def_watermark_pos']==2) echo('selected');?>><?echo($lang['watermark_tr']);?></option>
			<option value="3" <?if($conf['img_def_watermark_pos']==3) echo('selected');?>><?echo($lang['watermark_bl']);?></option>
			<option value="4" <?if($conf['img_def_watermark_pos']==4) echo('selected');?>><?echo($lang['watermark_br']);?></option>
			</select>

			</td>
		</tr>
		<tr>
			<td class="row_1" colspan="2">
			<a href="#" onClick="addField();return false;"><img src="<?echo($GLOBALS['theme_path'].$GLOBALS['theme_img']['expand']);?>" alt="" /> <?echo($lang['admin_add']);?></a>
			</td>
		</tr>
		<tr>
			<td colspan="2">
				<table width="400" cellspacing="0" cellpadding="5" border="0" align="center">
				<tr valign="top">
					<td align="left" class="row_1"><input type="radio" name="how_image_0" value="form" class="button" checked="true" /><?echo($lang['disk']);?> <input type="file" name="image_form_0" class="button" onchange="document.upload_img.how_image_0[0].checked=true;" />
					</td>
				</tr>
				<tr>
					<td align="left" class="row_1"><input type="radio" name="how_image_0" class="radio" value="link"  class="button">URL: <input type="text" name="image_link_0" class="button" value="http://" class="button" onchange="document.upload_img.how_image_0[1].checked=true;" />
					</td>
				</tr>
				<tr>
					<td align="left" class="row_1"><?echo($lang['file_name']);?>: <input name="name_0" ID="name_0" type="text" class="button" value="1" /></td>
				</tr>
				</table>
			</td>
		</tr>
		</table>
		<table border="0" width="100%" class="tabelka2">
		<tr>
			<td class="row_1" colspan="2">
			<a href="#" onClick="addField();return false;"><img src="<?echo($GLOBALS['theme_path'].$GLOBALS['theme_img']['expand']);?>" alt="" /> <?echo($lang['admin_add']);?></a>
			</td>
		</tr>		
		<tr>
			<td class="row_2" valign="top">
			<input type="submit" class="button" name="submit" value="upload" />
			</td>
		</tr>
		</table>
	</td>
</tr>
</table>
</FORM>
</body>
</html>
<?php
}
?>
